TECHNICAL SUMMARY


Our  research  concentrated  on  the  following  topics: 

•  Binary-Search  Algorithms  ([MVVT]) 

Some of the most efficient numerical algorithms rely on a binary-search strategy; according to
this strategy, the interval in which the desired output is sought is divided roughly in half at each
iteration. This technique is so useful that some authors (e.g., Dershowitz and Manna, and Smith)
have proposed that a general binary-search paradigm or schema be built into program synthesis
systems and then specialized as required for particular applications.

It is certainly valuable to store such schemata if they are of general application and difficult to
discover. This approach, however, leaves open the question of how schemata are discovered in the
first place. We have found that the concept of binary search appears quite naturally and easily in
the derivations of some numerical programs. The concept arises as the result of a single resolution
step, between a goal and itself, using our deductive-synthesis techniques.

The programs we have produced in this way (e.g., real-number quotient and square root,
integer quotient and square root, and array searching) are quite simple and reasonably efficient,
but are bizarre in appearance and different from what we would have constructed by informal
means. For example, we have developed by our synthesis techniques the following real-number
square-root program sqrt(r, ε):

    if max(r, 1) < ε
    then 0
    else if [sqrt(r, 2ε) + ε]² < r
         then sqrt(r, 2ε) + ε
         else sqrt(r, 2ε).

The program tests if the error tolerance ε is sufficiently large; if so, 0 is a close enough
approximation. Otherwise, the program finds recursively an approximation within 2ε less than the exact
square root of r. It then tries to refine this estimate, increasing it by ε if the exact square root is
large enough and leaving it the same otherwise.


This program was surprising to us in that it doubles a number rather than halving it as the
classical binary-search program does. Nevertheless, if the repeated occurrences of the recursive call
sqrt(r, 2ε) are combined by common-subexpression elimination, this program is as efficient as the
familiar one and somewhat simpler.
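The effect of common-subexpression elimination on the square-root program above can be seen in the following added example, which is not code from the report. The function names, the call counter, and the use of exact rationals are assumptions made for illustration; the comparison uses the strict test as printed above.

```python
from fractions import Fraction

def sqrt_direct(r, eps, calls):
    # Literal transcription: sqrt(r, 2*eps) is re-evaluated at each place
    # it is written, so every level spawns two recursive calls.
    calls[0] += 1
    if max(r, 1) < eps:
        return Fraction(0)
    if (sqrt_direct(r, 2 * eps, calls) + eps) ** 2 < r:
        return sqrt_direct(r, 2 * eps, calls) + eps
    return sqrt_direct(r, 2 * eps, calls)

def sqrt_cse(r, eps, calls):
    # Same program after common-subexpression elimination: the recursive
    # call is evaluated once per level and its value reused.
    calls[0] += 1
    if max(r, 1) < eps:
        return Fraction(0)
    z = sqrt_cse(r, 2 * eps, calls)
    return z + eps if (z + eps) ** 2 < r else z

def within_tolerance(r, eps, z):
    # z lies at most eps below the exact square root of r.
    return z * z <= r <= (z + eps) ** 2

def compare(r, eps):
    # Precondition assumed here: with eps <= 0 the tolerance never
    # exceeds max(r, 1) and the recursion would not terminate.
    if r < 0 or eps <= 0:
        raise ValueError("requires r >= 0 and eps > 0")
    d, c = [0], [0]
    zd, zc = sqrt_direct(r, eps, d), sqrt_cse(r, eps, c)
    return zd, zc, d[0], c[0]

if __name__ == "__main__":
    # Constructed sample input: r = 2, eps = 1/1024.
    zd, zc, nd, nc = compare(Fraction(2), Fraction(1, 1024))
    print(zd, zc, nd, nc)
```

Both versions return the same value; the literal transcription makes a number of calls exponential in the recursion depth, while the combined version makes one call per doubling of the tolerance.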

•  Logic: The Calculus of Computer Science ([MW2])

The research papers in which we have presented the deductive approach to program synthesis
have been addressed to the usual academic readers of the scholarly journals. In an effort to make this
work accessible to a wider audience, including computer science undergraduates and programmers,
we have developed a more elementary treatment in the form of a two-volume book, The Logical
Basis for Computer Programming, Addison-Wesley.

This book requires no computer programming and no mathematics other than an intuitive
understanding of sets, relations, functions, and numbers: the level of exposition is elementary.
Nevertheless, the text presents some novel research results, including:

•  theories of strings, trees, lists, finite sets and bags, which are particularly well suited to
theorem-proving and program-synthesis applications;

•  formalizations  of  parsing,  infinite  sequences,  expressions,  substitutions,  and  unification; 

•  a  nonclausal  version  of  skolemization; 

•  a  treatment  of  mathematical  induction  in  the  deductive-tableau  framework. 

•  A  Theory  of  Plans  ([MW3][MW  I])

Problems  in  commonsense  and  robot  planning  were  approached  by  methods  adapted  from  our 
program-synthesis  research;  planning  is  regarded  as  an  application  of  automated  deduction.  To 
support  this  approach,  we  introduced  a  variant  of  situational  logic,  called  plan  theory,  in  which 
plans  are  explicit  objects.  A  machine-oriented  deductive-tableau  inference  system  is  adapted  to 
plan  theory.  Equations  and  equivalences  of  the  theory  are  built  into  a  unification  algorithm  for  the 
system.  Frame  axioms  are  built  into  the  resolution  rule. 

Special attention was paid to the derivation of conditional and recursive plans. Inductive
proofs of theorems for even the simplest planning problems, such as clearing a block, have been
found to require challenging generalizations.

•  A Resolution Approach to Temporal Proofs ([AM1])

A novel proof system for temporal logic was developed. The system is based on the classical
non-clausal resolution method, and involves a special treatment of quantifiers and temporal
operators.

Soundness  and  completeness  issues  of  resolution  and  other  related  systems  were  investigated. 
While  no  effective  proof  method  for  temporal  logic  can  be  complete,  we  established  that  a  simple 
extension  of  the  resolution  system  is  as  powerful  as  Peano  Arithmetic. 

We have investigated the use of the system for verifying concurrent programs. We also provided
analogous resolution systems for other useful modal logics, such as certain modal logics of knowledge
and belief.

•  Temporal Logic Programming ([AM2])

Temporal  logic  is  a  formalism  for  reasoning  about  a  changing  world.  Because  the  concept  of 
time  is  directly  built  into  the  formalism,  temporal  logic  has  been  widely  used  as  a  specification 
language  for  programs  where  the  notion  of  time  is  central.  For  the  same  reason,  it  is  natural 
to write such programs directly in temporal logic. We developed a temporal logic programming
language, TEMPLOG, which extends classical logic programming languages, such as PROLOG, to
include programs with temporal constructs. A PROLOG program is a collection of classical Horn
clauses. A TEMPLOG program is a collection of temporal Horn clauses, that is, Horn clauses with
certain temporal operators. An efficient interpreter for PROLOG is based on SLD-resolution. We
base an interpreter for TEMPLOG on a restricted form of our temporal resolution system, temporal
SLD-resolution.

•  Verification  of  Concurrent  Programs  ([MP1][MP2]) 

We  studied  in  detail  the  proof  methodologies  for  verifying  temporal  properties  of  concurrent 
programs.  Corresponding  to  the  main  classification  of  temporal  properties  into  the  classes  of  safety 
and  liveness  properties,  appropriate  proof  principles  were  presented  for  each  of  the  classes. 


We developed proof principles for the establishment of safety properties. We showed that
essentially  there  is  only  one  such  principle  for  safety  proofs,  the  invariance  principle,  which  is  a 
generalization  of  the  method  of  intermediate  assertions.  We  also  indicated  special  cases  under 
which  these  assertions  can  be  found  algorithmically. 

The proof principle that we developed for liveness properties is based on the notion of
well-founded descent of ranking functions. However, because of the nondeterminacy inherent in
concurrent computations, the well-founded principle must be modified in a way that is strongly dependent
on the notion of fairness that is assumed in the computation. Consequently, three versions of the
well-founded principle were presented, each corresponding to a different definition of fairness.

•  Specification  and  Verification  by  Predicate  Automata  ([MP3]) 

We examined the possibility of specifying and verifying temporal properties using an extension
of finite-state automata, called predicate automata. These automata extend the conventional notion
of automata in three respects. The first extension is that the conditions for transitions between
states can be arbitrary predicates expressed in a first-order language. The second extension is that
these automata inspect infinite input sequences, and hence a more complex acceptance criterion
is needed. The third extension is that non-determinism is interpreted universally, rather than
existentially, as is the case in conventional non-deterministic finite-state automata. This means
that if the automaton can generate several possible runs, in response to a given input, then it is
required that all runs are accepting.

By  introducing  conventions  for  representing  automata  in  a  structured  form,  we  demonstrated 
that  specification  of  temporal  properties  by  automata  can  become  very  legible  and  understandable, 
and  presents  a  viable  alternative  to  their  formulation  in  temporal  logic. 

A single proof rule was presented for proving that a given program satisfies a property
specifiable by a predicate automaton. The rule was shown to be sound and relatively complete.

•  A  Hierarchy  of  Temporal  Properties  ([MP4]) 

We proposed a classification of temporal properties into a hierarchy which refines the known
safety-liveness classification of properties. The classification is based on the different ways a
property of finite computations can be extended into a property of infinite computations.

This hierarchy was studied from three different perspectives, which were shown to agree.
Respectively, we examined the cases in which the finitary properties, and the infinitary properties
extending them, are unrestricted, specifiable by temporal logic, and specifiable by predicate
automata. The unrestricted view leads also to a topological characterization of the hierarchy as
occupying the lowest two levels in the Borel hierarchy.

For properties that are expressible by temporal logic and predicate automata, we provide
a syntactic characterization of the formulae and automata that specify properties of the
different classes. The temporal logic characterization strongly relies on the use of the past temporal
operators.

Corresponding  to  each  class  of  properties,  we  presented  a  proof  principle  that  is  adequate  for 
proving  the  validity  of  properties  in  that  class. 
•  Logic Programming Semantics: Techniques and Applications ([B1]-[B3])

It is generally agreed that providing a precise formal semantics for a programming language is
helpful in fully understanding the language. This is especially true in the case of logic-programming-
like languages for which the underlying logic provides a well-defined but insufficient semantic basis.
Indeed, in addition to the usual model-theoretic semantics of the logic, proof-theoretic deduction
plays a crucial role in understanding logic programs. Moreover, for specific implementations of
logic programming, e.g. PROLOG, the notion of deduction strategy is also important.

We provided semantics for two types of logic programming languages and developed applications
of these semantics. First, we propose a semantics of PROLOG programs that we use as the basis of
a proof method for termination properties of PROLOG programs. Second, we turn to the temporal
logic programming language TEMPLOG of Abadi and Manna, develop its declarative semantics,
and then use this semantics to prove a completeness result for a fragment of temporal logic and to
study TEMPLOG's expressiveness.

In our PROLOG semantics, a program is viewed as a function mapping a goal to a finite or
infinite sequence of answer substitutions. The meaning of a program is then given by the least
solution of a system of functional equations associated with the program. These equations are
taken as axioms in a first-order theory in which various program properties, especially termination
or non-termination properties, can be proved. The method extends to PROLOG programs with
extra-logical features such as cut.

For TEMPLOG, we provide two equivalent formulations of the declarative semantics: in terms
of a minimal temporal Herbrand model and in terms of a least fixpoint. Using the least fixpoint
semantics, we are able to prove that TEMPLOG is a fragment of temporal logic that admits a
complete proof system. This semantics also enables us to study TEMPLOG's expressiveness. For
this, we focus on the propositional fragment of TEMPLOG and prove that the expressiveness of
propositional TEMPLOG queries essentially corresponds to that of finite automata.